DC with UGC reboot very slowly

[Guest]

Hi All

as i haven't got any answer from french forum, i try to post here
sorry for my english

My problem :
i have a big forest with 4 domains and near 400 Servers all over the world
1 root and 3 children
some of my servers in child domain are not GC but UGC. Those ones takes a
very long time at reboot (near 45 minutes), i think it's due to request send
to servers in our ASIA datacenter site instead of our FRENCH datacenter, but
i don't know how to disbale this feature (even using dns settings in GPO)
Any idea on this problem.

thanks

ludo

 

[Jorge de Almeida Pinto]

maybe a stupid question
OK, a GC = global catalog, but what is a UGC?


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Guest]

hello
UGC = Universal Group membership Caching, allow to not replicate the
complete partitions but only cachinfg the information needed at user logon
and computer reboot.

Ludo

"Jorge de Almeida Pinto" a écrit :

 

[Jorge de Almeida Pinto]

IMHO opinion, the universal group caching feature is not that great as it
should be
some info about universal group caching
Universal Group Membership Caching
Universal Group Membership Caching is a new feature in Windows Server 2003
that eliminates the need for a domain controller to contact a global catalog
server during the logon process in domains where universal groups are
available. Caching group membership reduces WAN traffic, which helps in
sites where updating the cached group membership of security principals,
including user and computer accounts, generates less traffic than
replicating the global catalog to the site.

Use the following criteria to determine if a site is a good candidate for
Universal Group Membership Caching:

. Number of users and computers in the site: The site has less than
500 combined users and computers, including transient users who log on
occasionally but not on a regular basis. The cache of a user who logs on
once continues to be updated periodically for 180 days after the first
logon. A general limit of 500 membership caches can be updated at a time. If
greater than 500 security principals have cached group memberships, some
caches might not be updated.

. Number of domain controllers: Each domain controller performs a
refresh on every user in its site once every eight hours. Depending on the
number of domains in the forest, 500 security principles and two domain
controllers could generate more WAN traffic than placing a global catalog
server in the site. Therefore, you need to rationalize the WAN costs when
exceeding 500 security principals and two domain controllers.

. Tolerance for high latency in group updates. Because domain
controllers in the site where Universal Group Membership Caching is enabled
update the membership caches every eight hours, and because credentials are
always taken from the cache, updates to group memberships are not reflected
in the security principal's credentials for up to eight hours.



also see:
http://msmvps.com/blogs/donna/archive/2004/03/31/4452.aspx
http://www.windowsnetworking.com/kb...min/TroubleshootingUniversalGroupCaching.html
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx